New Twitter Policy Abandons a Longstanding Privacy Pledge

Twitter plans
to roll out a new privacy policy on June 18, and, with it,
is promising to roll back its longstanding
commitment
to obey the Do Not Track (DNT) browser privacy setting.
Instead, the company is switching to the Digital Advertising Alliance's toothless and broken self-regulatory program.
At the same time, the company is taking the opportunity to introduce a new tracking option and two new targeting
options, all of which are set to “track and target” by default. These are not the actions of a
company that respects people’s privacy choices.

Twitter implements various methods of tracking, but one of the biggest is the
use of Tweet buttons, Follow buttons, and embedded Tweets to record much of
your browsing history. When you visit a page
that contains one of these, your browser make a request to Twitter’s servers.
That request contains a header that tells Twitter which web site you visited. By
setting a unique cookie, Twitter can build a profile of
your browsing history, even if you aren’t a Twitter user. When Twitter
rolled out this tracking, it was the first major social network to do so;
at the time, Facebook and Google+ were careful not to use their social widgets for tracking, due
to privacy concerns. Twitter sweetened their new tracking initiative for privacy-aware Internet users by
offering Do
Not Track support. However, when the other social networks quietly followed in Twitter's footsteps, they
decided to ignore Do Not Track.

Now, Twitter proposes to abandon the Do Not Track standard and use
the “WebChoices” tool, part of self-regulatory program of the Digital Advertising Alliance (DAA).
This program is toothless because the only choice it allows users is to
opt out of “customizing ads,” when most people actually want to opt out of tracking.
Many DAA participants, including Twitter,
continue to collect your information even if you
opt-out, but will hide that fact by only showing you untargeted ads. This is
similar to asking someone to stop openly eavesdropping on your conversation, only to
watch them hide behind a curtain and keep listening.

Also, WebChoices is broken; it’s incompatible with other privacy tools, and
it requires constant vigilance in order to use. It relies on setting a
third-party opt-out cookie on 131 different advertising sites. But doing this is
incompatible with one of the most basic browser privacy settings: disabling
third party cookies. Even if you allow third party cookies, your opt-out only
lasts until the next time you clear cookies, another common user strategy for
protecting online privacy. And new advertising sites are created all the time.
When the 132nd site is added to WebChoices, you need to go back and
repeat your opt-out, which, unless you follow the advertising press, you won’t
know to do.

These problems with DAA's program are why Do Not Track exists. It’s simple, compatible with other
privacy measures, and works across browsers.

Twitter knows the difference between a real opt-out and a fake one: for
years, it has implemented DNT as a true "stop tracking" option, and you can still
choose that option under the "Data" section of Twitter's settings,
whether you are a Twitter user or not. However, if you use the new DAA opt-out that Twitter
plans to offer instead of DNT, the company will treat that as a fake opt-out: Twitter keeps tracking,
but won't show you ads based on it.

What can you do as an individual to protect yourself against Twitter's tracking? First,
follow
our guide to disable the settings. Second, install
Privacy Badger, EFF's browser extension that, in addition to setting DNT, attempts to automatically
detect and block third-party tracking behavior. Privacy Badger also specifically replaces some
social network widgets with non-tracking static versions.

Twitter is taking a big step
backwards for user privacy by abandoning Do Not Track. The company should draft a new privacy
policy before June 18 that keeps DNT support, and treats both DNT and the DAA opt-out as a true
"stop tracking" option.

When new users try Privacy Badger, they often get confused about why Privacy Badger isn’t blocking anything right away. But that’s because Privacy Badger learns about trackers as you browse; up until now, it hasn’t been able to block trackers on the first few sites it sees after being installed.

Browser fingerprinting is on a collision course with privacy regulations. For almost a decade, EFF has been raising awareness about this tracking technique with projects like Panopticlick. Compared to more well-known tracking “cookies,” browser fingerprinting is trickier for users and browser extensions to combat: websites can do it without...

Mark Zuckerberg, Facebook’s founder and CEO, thinks people want targeted advertising. The “overwhelming feedback,” he said multipletimes during his congressional testimony, was that people want to see “good and relevant” ads. Why then are so many Facebook users, including leaders of state in...

The latest update to Privacy Badger brings a new onboarding process and other improvements. The new onboarding process will make Privacy Badger easier to use and understand. These latest changes are just some of the many improvements EFF has made to the project, with more to come! ...

With Facebook in a dominant position in hosting a huge portion of the world’s social conversation, we’ve been worried about the incredible power the company has accumulated and the risks that poses to privacy and democratic conversation. Last week’s news about Facebook and Cambridge Analytica has shown that our worst...

Today we are releasing the implementation guide for EFF’s Do Not Track (DNT) policy. For years users have been able to set a Do Not Track signal in their browser, but there has been little guidance for websites as to how to honor that request. EFF’s DNT...

In June, Twitter discontinued its support for Do Not Track (DNT), the privacy-protective browser signal it has honored since 2012. EFF argued that Twitter should reconsider this decision, but that call has gone unheeded. In response, EFF’s Privacy Badger has new features to mitigate user tracking both...

Recently Google and Apple announced plans to respond to complaints about online advertising. Both companies will implement changes to their browsers to neutralize some of the most annoying ad formats, but only Apple has chosen to address concerns around user privacy. Starting sometime in 2018, Google's Chrome browser will begin...